Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Michael Wojcik wrote: >> From what I read about this, sserver is pserver over SSL. >> AFAIK SSL works like this (simplified): >> >> - Client requests a connection, telling what ciphers it supports >> - Server uses best cipher it also supports and sends cert, >> usually containing a public key and a CA (if no CA, the cert >> has to be trusted on the client) > > Not really. Thanks for the clarifications. > First, a CA (Certification Authority) is an organization, not a document; > you can't "send a CA". Of course not... :) What I meant with "send a CA" was "send the information that allows the receiver to contact a commonly trusted CA and verify the certificate" (like someone may ask me to "give [her] my email" :). So in the end, it seems still to boil down to that a cert has either to be trusted on the client, or be signed by a CA that's trusted on the client. And you seem to say that by installing the cvsnt client, the certificate that comes with it is automatically trusted (by the cvsnt client), right? > If you want real security, with authentication, you replace that > self-signed certificate with a proper CA-signed one, and make sure the > client has the appropriate root certificate available, and configure the > client to require a properly-signed server certificate. Or you use your own self-signed certificate, and make sure it's registered as trusted on all clients. Gerhard